I'm doing some experimentation with cipher lists using OpenSSL 1.0.1h. I have two peers using the same libraries, and both enabled with these suites in the call to SSL_set_cipher_list():
1. ECDHE-ECDSA-AES128-GCM-SHA256 2. ECDHE-RSA-AES128-GCM-SHA256 3. DHE-RSA-AES128-GCM-SHA256 These are shown by the 'openssl ciphers' command using the same libraries. I have specified each of these individually to try out each one independently of the others. Neither of the ECDHE ciphers (1 and 2 above) are chosen by my two peers, and the result is 'no shared cipher' when either of these is specified. Cipher 3 is chosen successfully, so it seems that the failing component is the elliptic curve modifier of DHE. If it's in the supported list, what is preventing ECDHE from being used? What am I missing to use the ECDHE- suites? How can I track down where my mistake is? Thanks for whatever guidance is offered. +-+-+-+-+-+-+-+-+- Dave McLellan, Enterprise Storage Software Engineering, EMC Corporation, 176 South St. Mail Stop 176-V1 1/P-36, Hopkinton, MA 01749 Office: 508-249-1257, FAX: 508-497-8027, Mobile: 978-500-2546, dave.mclel...@emc.com +-+-+-+-+-+-+-+-+-
